[HacktionLab] Electronic sealed envelope system?

Alan Dawson aland at burngreave.net
Sat Nov 3 17:05:32 UTC 2012


On Sat, Nov 03, 2012 at 03:04:47PM +0000, penguin wrote:
> Hi Brent
> 
> I don't know of a technical solution. The only thing I can think of is
> to break the passphrase into a number of smaller components and each
> person only has one component. That way, at least several people
> (except you, who will know the full thing) are needed to recreate the
> full passphrase.
> 
> Not sure if I've explained this, so here's an example ...
> 
> You know the full thing: mypassphrase
> Persons A & B know this: 1:mypa
> Persons C & D know this: 2:ssph
> Persons E & F know this: 3:rase


You are describing Shamir's Secret Sharing System, where you can take a secret and split it into n shares, and where the secret requires t tokens < n shares to recover it.

aland@lemon:~$ sudo aptitude install ssss

# split the secret into 4 shares which require at least 2 to recombine it

aland@lemon:~$ echo "verysecret" | ssss-split -n 4 -t 2
WARNING: couldn't get memory lock (ENOMEM, try to adjust RLIMIT_MEMLOCK!).
Generating shares using a (2,4) scheme with dynamic security level.
Enter the secret, at most 128 ASCII characters: Using a 80 bit security level.
1-e478c2b09e387bf7689f
2-bd77af129c2ade7a04b8
3-758d74736224bd012154
4-0f697456980f9560dce8

# put it back together again 1 way

aland@lemon:~$ ssss-combine -t 2
WARNING: couldn't get memory lock (ENOMEM, try to adjust RLIMIT_MEMLOCK!).
Enter 2 shares separated by newlines:
Share [1/2]: 1-e478c2b09e387bf7689f
Share [2/2]: 2-bd77af129c2ade7a04b8
Resulting secret: verysecret

# put it back another way

aland@lemon:~$ ssss-combine -t 2
WARNING: couldn't get memory lock (ENOMEM, try to adjust RLIMIT_MEMLOCK!).
Enter 2 shares separated by newlines:
Share [1/2]: 3-758d74736224bd012154
Share [2/2]: 2-bd77af129c2ade7a04b8
Resulting secret: verysecret


Alan Dawson
-- 
"The introduction of a coordinate system to geometry is an act of violence"